Differences

This shows you the differences between two versions of the page.

tutorials:permissions [2011/10/02 15:24]
memnon Fix ToC and improve readability in example et al.
tutorials:permissions [2012/05/05 20:06] (current)
memnon Minor formatting, $ID
Line 30: Line 30:
 ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<​sup>​2</​sup>​ | ^ w | Change (**w**rite) file contents. | Add or remove files from directory.<​sup>​2</​sup>​ |
 ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<​sup>​3</​sup>​ or any files in the directory or its subtree, or make the directory the user's working directory. | ^ x | Shell will attempt to e**x**ecute file if file name entered by itself on command line. | Access (read or write) the directory<​sup>​3</​sup>​ or any files in the directory or its subtree, or make the directory the user's working directory. |
-**Notes:​** ​    - File information can be obtained even without directory **r** permission if a file's full name is specified, ​   - **w** directory permission allows a user to delete a file from the directory, ​//even if the user does not have **w** (change contents) permission for the file itself//. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it.    - Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. ​|||+ **Notes:​** ​     
 +  ​- File information can be obtained even without directory **r** permission if a file's full name is specified, ​   ​ 
 +  ​- **w** directory permission allows a user to delete a file from the directory, even if the user does not have **w** (change contents) permission for the file itself. The reverse is also possible: a user who lacks **w** directory permission may be able to modify the contents of a file in the directory but not delete it.    ​ 
 +  ​- Implementations vary on the permission required to list directory file names. SDF hosts (running NetBSD) will list directory files if the user has **r** permission for the directory. Other implementations require both **r** and **x** permissions to list directory files. ​
  
 Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory'​s subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree. Unlike some other file systems, such as NTFS, neither **r** nor **w** directory permission have any influence on **r** or **w** permission for subdirectories or files anywhere in the directory'​s subtree. **r** or **w** permission is determined by what has been assigned to your user class for the directory in question without considering **r** and **w** permission for directories higher in the file system tree.
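
Review bot: The first added list item still ends with a comma ("...if a file's full name is specified,"), left over from the old run-on cell; end it with a period like the other two notes. The second item also drops the //...// emphasis that the removed line had on "even if the user does not have **w** (change contents) permission for the file itself". That clause is the part of these notes most likely to surprise a reader, so consider keeping the emphasis. In the unchanged paragraph that follows, "neither **r** nor **w** directory permission have any influence" should read "has".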
Line 44: Line 47:
 ^ g | //​**G**roup//​. Members of the user group to which the file has been assigned. | ^ g | //​**G**roup//​. Members of the user group to which the file has been assigned. |
 ^ o | //​**O**thers//​. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<​sup>​1</​sup>​ | ^ o | //​**O**thers//​. Users not in either of the above classes. This is the user class that SDF's web server uses when a web browser requests a file from your web site.<​sup>​1</​sup>​ |
-**Notes:​** ​    - The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**. ​||+**Notes:​** ​     
 +  ​- The use of CGI programs on a web site complicates the permission check. Access to the CGI program file itself is checked with user class **o**. Many web servers are configured so that file access requests from CGI programs are also checked with user class **o**. However, the SDF web server has been configured to execute CGI programs with the permissions of the owner of the program file (//you//, for CGI programs you have installed on your SDF web site). Therefore if your CGI program accesses files owned by you, permissions will be checked with user class **u**. Files not owned by you will be checked with user class **o**.
  
 ==== An example ==== ==== An example ====
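
Review bot: The CGI note in the added list item says which user class is checked but never states the consequence for the reader. Since the note says CGI programs run with the permissions of the program file's owner, tightening **o** permissions on your own files does not limit what your CGI programs can read or change; one closing sentence saying so would make the note actionable. As a style point, "+**Notes:**" here has no leading space, while the same line in the Line 30 hunk is "+ **Notes:**"; pick one form.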
Line 50: Line 54:
 File permission information can be obtained with the long listing option of the "​ls"​ command: "ls -l" File permission information can be obtained with the long listing option of the "​ls"​ command: "ls -l"
  
 +^ //a//        |     ^ //b//  ^ //c//  |       ​| ​               |             |
 | "​drwxr-xr-x"​ | "​2"​ | "​papa"​ | "​arpa"​ | "​512"​ | "Sep 29 01:02" | "​arpastuff"​ | | "​drwxr-xr-x"​ | "​2"​ | "​papa"​ | "​arpa"​ | "​512"​ | "Sep 29 01:02" | "​arpastuff"​ |
 | "​-rwxr-x---"​ | "​1"​ | "​papa"​ | "​arpa"​ | "​11402"​ | "Sep 29 01:02" | "​hello"​ | | "​-rwxr-x---"​ | "​1"​ | "​papa"​ | "​arpa"​ | "​11402"​ | "Sep 29 01:02" | "​hello"​ |
 | "​-rw-r-----"​ | "​1"​ | "​papa"​ | "​arpa"​ | "​13"​ | "Sep 29 01:02" | "​hello.txt"​ | | "​-rw-r-----"​ | "​1"​ | "​papa"​ | "​arpa"​ | "​13"​ | "Sep 29 01:02" | "​hello.txt"​ |
-| //a// |  | //b// | //c// |  |  |  | 
  
 Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each: Field //a// is the //file mode//, a string of ten one-character flags that indicate the file's permissions and other information. The following is a list of mode flags in character order with a partial list of possible flag values for each:
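
Review bot: The relocated label row mixes header and plain delimiters ("^ //a// | ^ //b// ^ //c// | ..."), so only three of the seven columns render as header cells and the rest render as empty body cells above the data. Use ^ for every cell in that row, or give the unlabelled columns a label, so the row reads as one uniform header now that it sits at the top of the table.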
Line 156: Line 160:
  
 "​chflags nouunlnk foo" "​chflags nouunlnk foo"
 +
 +$Id: permissions.html,​v 1.8 2007/10/02 11:22:28 papa Exp $
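
Review bot: The added "$Id: permissions.html,v 1.8 2007/10/02 11:22:28 papa Exp $" line is a frozen RCS keyword naming a different file, author and date than this wiki revision, and as bare text at the end of the page it reads like a current revision stamp. Either label it as the origin of the text (for example "Originally from:") or leave provenance to the wiki's own revision history.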